Non-wire contact device application for cryptographic module interfaces

US 6,971,021 B1
Filed: 03/08/2000
Issued: 11/29/2005
Est. Priority Date: 03/08/2000
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for providing cryptographic services to a host, the apparatus comprising:

at least one non-contact cryptographic data receiver for receiving cryptographic data through at least one non-contact interface, the cryptographic data for use to provide at least one cryptographic service on separate host data;

a host data receiver different from the at least one non-contact cryptographic data receiver, for receiving host data from a host; and

a central processing unit (CPU) having memory and programming for receiving cryptographic data from the at least one cryptographic data receiver and host data from the host data receiver and processing said data to provide at least one cryptographic service using said cryptographic data on the host data to produce output data.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Non-contact interfaces to cryptographic modules include non-contact inputs, which may contain magnetic coupling, RF coupling, infrared coupling, optical coupling or acoustical coupling to load cryptographic data into cryptographic modules. By using non-contact methods of coupling, the physical inputs to the module can be hidden, as no external connectors to input cryptographic data are required. In addition, several non-contact inputs can be disposed within a cryptographic module, at orientations and spacings which require the specific placement of transmitting units, thereby increasing the security of the module. In addition, by having several inputs to the cryptographic module, the cryptographic function may be made to be dependent on a sequencing of data between the inputs and/or may require simultaneous inputs on two or more sensors.

32 Citations

View as Search Results

60 Claims

1. An apparatus for providing cryptographic services to a host, the apparatus comprising:
- at least one non-contact cryptographic data receiver for receiving cryptographic data through at least one non-contact interface, the cryptographic data for use to provide at least one cryptographic service on separate host data;
  
  a host data receiver different from the at least one non-contact cryptographic data receiver, for receiving host data from a host; and
  
  a central processing unit (CPU) having memory and programming for receiving cryptographic data from the at least one cryptographic data receiver and host data from the host data receiver and processing said data to provide at least one cryptographic service using said cryptographic data on the host data to produce output data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. An apparatus as in claim 1, wherein the at least one non-contact cryptographic data receiver comprises a non-contact receiver chosen from the group consisting of:
    - a magnetic receiver, a radio frequency receiver, an optical receiver, an infrared receiver, an ultrasonic receiver, and an induction receiver.
  - 3. An apparatus as in claim 1 wherein each of the at least one non-contact interfaces is a receive only interface.
  - 4. An apparatus as in claim 1, further comprising a housing separate from the host, the housing containing the CPU, the at least one non-contact cryptographic data receiver, the at least one non-contact interface and the host data receiver, wherein the at least one non-contact interface is hidden from view from outside of the housing.
  - 5. An apparatus as in claim 1, wherein the at least one non-contact receiver is directional, capable of receiving only a directionally restricted input.
  - 6. An apparatus as in claim 5, wherein the directionally restricted input is accomplished by an orientation of the non-contract cryptographic data receiving sensor.
  - 7. An apparatus as in claim 5 wherein the directionally restricted input of the non-contract cryptographic data receiving sensor is accomplished by shielding the non-contact sensor.
  - 8. An apparatus as in claim 1, wherein the host interface is coupled to the host data receiver for providing host data from the host to the receiver, the host interface being separate from the non-contact interface.
  - 9. An apparatus as in claim 1, wherein the cryptographic data comprises at least one algorithm and wherein providing at least one security service on host data comprises applying the algorithm to the host data.
  - 10. An apparatus as recited in claim 9, wherein said algorithm comprises a decryption algorithm and said output data comprises a decrypted version of the host data.
  - 11. An apparatus as recited in claim 1, wherein the at least one non-contact cryptographic data receiver comprising a plurality of non-contact cryptographic data receivers, each non-contact cryptographic data receiver for receiving cryptographic data through a respective non-contact interface.
  - 12. An apparatus as in claim 11, wherein the plurality of non-contact cryptographic data receivers further comprise non-contact receivers chosen from the group consisting of:
    - magnetic receivers, radio frequency receivers, optical receivers, infrared receivers, ultrasonic receivers and induction receivers.
  - 13. An apparatus as in claim 11, wherein said plurality of non-contact cryptographic data receivers are receive-only interfaces.
  - 14. An apparatus as in claim 11, further comprising a housing separate from the host, the housing containing the CPU, each non-contact cryptographic data receiver, each non-contact interface and the host data receiver, wherein each non-contact interface is hidden from view from outside of the housing.
  - 15. An apparatus as in claim 11 wherein the plurality of non-contact receivers can receive only restricted directional input.
  - 16. An apparatus as in claim 15 wherein the reception of directional input is accomplished by the orientation of the sensors.
  - 17. An apparatus as in claim 15, wherein the reception of directional input is accomplished by shielding the sensors.
  - 18. An apparatus as recited in claim 1, wherein the at least one non-contact cryptographic data receiver comprises a plurality of spatially separated non-contact cryptographic receivers and wherein the CPU programming includes programming for receiving a plurality of different cryptographic data from the plurality of non-contact cryptographic data receivers, respectively, in a predetermined sequence.
  - 19. An apparatus as recited in claim 1, wherein the at least one non-contact cryptographic data receiver comprises a plurality of spatially separated non-contact cryptographic receivers for receiving a plurality of different cryptographic data in a predetermined sequence, and wherein the CPU programming includes programming for processing data to provide at least one cryptographic service only if the plurality of different cryptographic data is received by the receivers in the predetermined sequence.
  - 20. An apparatus as recited in claim 1, wherein the at least one non-contact cryptographic data receiver comprises a plurality of spatially separated non-contact cryptographic receivers, each non-contact cryptographic receiver having means for restricting the range of directions from which data may be received to a defined receive direction range and wherein the receive direction range for each of the receivers is different from the receive direction range of at least one of the other receivers in the plurality of receivers.
  - 21. An apparatus as in claim 1, further comprising a host interface for accepting said output data and providing said output data to the host.

22. A security module for providing security services, the security module comprising:
- at least one non-contact interface for receiving security data to use to provide at least one security service on separate host data;
  
  a host interface different from the at least one non-contact interface, the host interface for receiving host data from a host computing system;
  
  a processor configured to provide said at least one security service using said security data on the host data.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 23. A module as recited in claim 22, wherein the security data comprises an algorithm and wherein providing at least one security service on host data comprises applying the algorithm to the host data.
  - 24. A module as recited in claim 23, wherein providing at least one security service further comprises producing result data from the application of the algorithm to the host data and returning the result data to the host computing system.
  - 25. A module as recited in claim 24, wherein said algorithm comprises a decryption algorithm and said result comprises a decrypted version of the host data.
  - 26. A module as recited in claim 22, wherein said non-contact interface comprises a unidirectional, receive-only interface.
  - 27. A module as recited in claim 26, wherein said host interface comprises a bi-directional interface.
  - 28. A module as recited in claim 26, wherein said non-contact interface is hidden from view.
  - 29. A module as recited in claim 22, wherein said host interface comprises a bi-directional interface.
  - 30. A module as recited in claim 22, wherein said host interface comprises a port that is accessible and viewable from outside of the module.
  - 31. A module as recited in claim 22, further comprising a housing separate from the host computing system, the housing containing said processor, wherein said non-contact interface is located within the housing and hidden from view from outside of the housing.
  - 32. A module as recited in claim 22, further comprising a housing separate from the host computing system, wherein:
    - said processor and said non-contact interface are located within the housing;
      
      said non-contact interface is hidden from view from outside of the housing; and
      
      said host interface comprises a port that is accessible and viewable from outside of the housing.
  - 33. A module as recited in claim 22, wherein the at least one non-contact interface comprises a plurality of non-contact interfaces, each for receiving security data to use to provide at least one security service on separate host data.
  - 34. A module as recited in claim 33, wherein the processor is further configured to provide the at least one security service if a plurality of different security data is received through the plurality of non-contact interfaces, respectively, in a predetermined sequence.
  - 35. A module as recited in claim 33, wherein each of the non-contact interfaces has means for restricting the range of directions from which data may be received to a defined receive direction range and wherein the receive direction range for each of the non-contact interfaces is different from the receive direction range of at least one of the other non-contact interfaces in the plurality of non-contact interfaces.

36. A process for providing security services, comprising:
- receiving security data through at least one non-contact interface, the security data for use in providing at least one security service on separate host data;
  
  receiving host data from a host computing system through a host interface that is different from said non-contact interface; and
  
  providing said at least one security service using said security data on host data received from a host computing system.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 37. A process as recited in claim 36, wherein the security data comprises an algorithm and wherein providing at least one security service on host data comprises applying the algorithm to the host data.
  - 38. A process as recited in claim 37, wherein providing at least one security service further comprises producing result data from the application of the algorithm to the host data and returning the result data to the host computing system.
  - 39. A process as recited in claim 38, wherein said algorithm comprises a decryption algorithm and said result comprises a decrypted version of the host data.
  - 40. A process as recited in claim 36, wherein said non-contact interface comprises a unidirectional, receive-only interface.
  - 41. A process as recited in claim 40, wherein said host interface comprises a bi-directional interface.
  - 42. A process as recited in claim 40, wherein said non-contact interface is hidden from view.
  - 43. A process as recited in claim 36, wherein said host interface comprises a bi-directional interface.
  - 44. A process as recited in claim 36, wherein said host interface comprises a port that is accessible and viewable from outside of the module.
  - 45. A process as recited in claim 36, wherein said processor and said non-contact interface are contained within a housing that is separate from the computing system, the non-contact interface being hidden from view from outside of the housing.
  - 46. A process as recited in claim 36, wherein said processor and said non-contact interface are located within a housing that is separate from the computing system, the non-contact interface being hidden from view from outside of the housing and wherein said host interface comprises a port that is accessible and viewable from outside of the module.
  - 47. A process as recited in claim 36, wherein receiving security data through at least one non-contact interface comprises receiving security data through a plurality of non-contact interfaces.
  - 48. A process as recited in claim 47, wherein providing the at least one security service comprises providing the at least one security service if a plurality of different security data is received through the plurality of non-contact interfaces, respectively, in a predetermined sequence.
  - 49. A module as recited in claim 47, wherein receiving security data through a plurality of non-contact interfaces comprises restricting the range of directions from which data may be received by each non-contact interface to a defined receive direction range and wherein the receive direction range for each non-contact interface is different from the receive direction range of at least one of the other non-contact interfaces in the plurality of non-contact interfaces.

50. A security system for providing security services on host data, the security system comprising:
- a security module having at least one non-contact interface for receiving security data to use to provide at least one security service on separate host data, a host interface different from the at least one non-contact interface for receiving host data, and a processor configured to provide said at least one security service using said security data on the host data; and
  
  a load module having at least one non-contact output port for providing security data to the at least one non-contact interface of the security module.
- View Dependent Claims (51, 52, 53, 54)
- - 51. A security system as recited in claim 50, wherein the at least one non-contact interface comprises a plurality of non-contact interfaces.
  - 52. A security system as recited in claim 50, wherein the at least one non-contact interface comprises a plurality of non-contact interfaces and wherein the at least one non-contact output port comprises a plurality of non-contact output ports, each of the non-contact output ports for providing security data to a respective one of the non-contact interfaces.
  - 53. A security system as recited in claim 50, further comprising a host computing system coupled in communication with the host interface of the security module, for providing host data to the security module.
  - 54. A security system as recited in claim 53, wherein the security module comprises a housing separate from the computing system and wherein said processor and said non-contact interface of the security module are contained within the housing, the non-contact interface being hidden from view from outside of the housing.

55. A security module for providing security services on host data, the security module comprising:
- at least one receiver for receiving two different communications of information;
  
  a processor operatively coupled to the receiver and configured for employing at least a portion of each of the two communications of information to produce security data and for providing at least one security service, using the security data on the host data.
- View Dependent Claims (56, 57, 58, 60)
- - 56. A security module as recited in claim 55, further comprising at least two inputs for receiving the at least two different communications of information, each input for receiving a separate communication of information.
  - 57. A security module as recited in claim 56, wherein at least one of the at least two inputs comprises a non-contact input.
  - 58. A security module as recited in claim 56, wherein each of the at least two inputs comprises a non-contact input.
  - 60. A security module as recited in claim 56, wherein a first one of the two communications of information comprises a communication of first cryptographic data, wherein the second one of the two communications of information comprises a communication of second cryptographic data, and wherein the host data may be processed by combining the first and second cryptographic data and applying the combination in a security process.

59. A security module as recited in clam 56, wherein a first one of the two communications of information comprises a communication of a first decoding key, wherein the second one of the two communications of information comprises a communication of a second decoding key, and wherein the host data may be decoded by combining the first and second decoding keys and applying the combination in a decoding process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Incorporated (Thales SA)
Original Assignee
Rainbow Technologies, Inc. (Thales SA)
Inventors
Daspit, John Ignatius, Furusawa, Michael Masaji, Nguyen, Chieu The
Primary Examiner(s)
MOISE, EMMANUEL LIONEL

Application Number

US09/520,589
Time in Patent Office

2,092 Days
Field of Search

380/25, 380/21, 380/283, 342/44, 343/726, 340/572.1, 340/825.69, 235/472, 235/379, 235/380, 713/192, 713/159, 713/172, 375/220, 386/46
US Class Current

713/192
CPC Class Codes

G06F 21/72   in cryptographic circuits

G06F 2211/007   Encryption, En-/decode, En-...

G06Q 20/02   involving a neutral party, ...

G06Q 20/352   Contactless payments by cards

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G07F 19/211   Software architecture withi...

Non-wire contact device application for cryptographic module interfaces

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

60 Claims

Specification

Use Cases

Quick Links

Others

Non-wire contact device application for cryptographic module interfaces

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

60 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others